1-10
Firepower 7000 and 8000 Series Installation Guide
Chapter 1 Introduction to the Firepower System
Firepower System Components
After your appliance is installed, use the web browser to configure multiple management interfaces. See
Multiple Management Interfaces in the Firepower Management Center Configuration Guide for more
information.
Network Traffic Management
The Firepower System’s network traffic management features allow 7000 and 8000 Series devices to act
as part of your organization’s network infrastructure. You can:
• configure a Layer 2 deployment to perform packet switching between two or more network
segments
• configure a Layer 3 deployment to route traffic between two or more interfaces
• perform network address translation (NAT)
• build secure VPN tunnels from virtual routers on managed devices to remote devices or other
third-party VPN endpoints
Discovery and Identity
Cisco’s discovery and identity technology collects information about hosts, operating systems,
applications, users, files, networks, geolocation information, and vulnerabilities, in order to provide you
with a complete view of your network.
You can use the Firepower Management Center’s web interface to view and analyze data collected by
the system. You can also use discovery and identity to help you perform access control and modify
intrusion rule states.
Access Control
Access control is a policy-based feature that allows you to specify, inspect, and log the traffic that
traverses your network. As part of access control, the Security Intelligence feature allows you to
blacklist—deny traffic to and from—specific IP addresses before the traffic is subjected to deeper
analysis.
After Security Intelligence filtering occurs, you can define which and how traffic is handled by targeted
devices, from simple IP address matching to complex scenarios involving different users, applications,
ports, and URLs. You can trust, monitor, or block traffic, or perform further analysis, such as:
• intrusion detection and prevention
• file control
• file tracking and network-based advanced malware protection (AMP)
Intrusion Detection and Prevention
Intrusion detection and prevention is a policy-based feature, integrated into access control, that allows
you to monitor your network traffic for security violations and, in inline deployments, to block or alter
malicious traffic. An intrusion policy contains a variety of components, including:
• rules that inspect the protocol header values, payload content, and certain packet size characteristics
• rule state configuration based on FireSIGHT recommendations
• advanced settings, such as preprocessors and other detection and performance features
• preprocessor rules that allow you to generate events for associated preprocessors and preprocessor
options
To Next Page
Loading...
